TOC - HackMD

# TOC - [Weak\_Key\_Exchange\_issue](#weak_key_exchange_issue) - [Variables](#variables) - [How to use](#how-to-use) - [1. 將 Weak\_Key\_Exchange\_issue/ 放置carpstack VM 的 /opt/deploy/ansible/roles](#1-將-weak_key_exchange_issue-放置carpstack-vm-的-optdeployansibleroles) - [2. 對 openstack 節點操作](#2-對-openstack-節點操作) - [3. 對 Storage 節點操作](#3-對-storage-節點操作) - [20240514 更新](#20240514-更新) # Weak_Key_Exchange_issue 負責更新處理: 1. 調整 /etc/ssh/sshd_config 弱密碼設定 & 重啟sshd ## Variables None ## How to use #### 1. 將 Weak_Key_Exchange_issue/ 放置carpstack VM 的 /opt/deploy/ansible/roles <br> #### 2. 對 openstack 節點操作 a. Create a playbook. (Weak_Key_Exchange_issue-openstack.yaml) - 位置: /opt/deploy/ansible/ ```yaml --- - name: Update sshd_config (@Control,@Network_hosts,@Compute_hosts) osts: Control_hosts,Network_hosts,Compute_hosts roles: - Weak_Key_Exchange_issue tags: - Weak_Key_Exchange_issue ``` b. Execute a playbook and assign inventory. ```shell ansible-playbook -i inventory/iaas_inventory.ini Weak_Key_Exchange_issue-openstack.yaml ``` <br><br> #### 3. 對 Storage 節點操作 ##### 20240514 更新 - inventory/storage_inventory.ini 並沒有記錄所有storage node 節點，故使用carpstack 管理資訊，產生紀錄所有節點的inventory.ini， a. 產生 fixo_inventory.ini ```bash ## 重新整理 inventory.json carpstack-cli node create-inventory ## 檢查已產生的 inventory.json 位置 carpstack-cli node list-inventory ## 檢查 inventory.json 產生日期是否更新 (通常是指需要關注 fixo_inventory.ini ) ls -al /opt/deploy/ansible/inventory/*.json ## inventory.json to inventory.ini python roles/Weak_Key_Exchange_issue/files/ansible_print_all_nodes_to_inventory.py /opt/deploy/ansible/inventoy/fixo_inventory.json > /opt/deploy/ansible/inventoy/fixo_inventory.ini ``` b. Create a playbook. (Weak_Key_Exchange_issue-storage.yaml) - 位置: /opt/deploy/ansible/ ```yaml --- - name: Update sshd_config hosts: All_nodes roles: - Weak_Key_Exchange_issue tags: - Weak_Key_Exchange_issue ``` c. Execute a playbook and assign inventory. ```shell ansible-playbook -i inventory/fixo_inventory.ini Weak_Key_Exchange_issue-storage.yaml ``` - 因節點下線可能不一定會經過 carpstack 紀錄，所以可能會有部分節點因下線無法連線而顯示部分失敗 - 結束後有可能會遇到少數未經過carpstack 納管節點無法更新問題，需要手動進入節點更新